Skip to content

Security: johannschopplich/nuxt-api-party

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported Support Status
≥ 0.22.x Active
≤ 0.21.x Not supported (end of life) since December 9, 2023
≤ 0.12.x Not supported (end of life) since June 27, 2023

Past Security Incidents

Affected Description Severity Vulnerability Type Fixed in
≤ 0.21.3 SSRF & Credentials Leak. Read more High (7.5) CWE-918 0.22.0
≤ 0.21.3 DOS by abusing fetchOptions.retry. Read more High (7.5) CWE-674 0.22.0
≤ 0.12.0 Leak secret tokens by changing baseURL. Read more High (7.5) CWE-840 0.13.0

Reporting a Vulnerability

To report a vulnerability, please draft a new security advisory. Alternatively, you can send an email to [email protected] with the word "SECURITY" in the subject line.

Learn more about advisories related to johannschopplich/nuxt-api-party in the GitHub Advisory Database